How we collect personal information
We collect personal information in the following ways:
When you provide it directly
For example, when you:
- enquire about our activities or services
- visit our website
- make a donation
- sign up to receive updates from us
- take part in one of our events, campaign or fundraise for us
- communicate with us (either online, by email, phone, SMS or post)
When you provide it indirectly
For example, when it is shared with us by third parties such as professional fundraisers, partners, or subcontractors acting on our behalf, or through fundraising sites such as JustGiving or Virgin Money. These organisations will have their own privacy policies, and/or statements so please do ensure you check when providing your personal information to them.
When you have given other organisations permission to share it
You may have provided your details to another organisation that works with IOD. When working with other organisations, we work to ensure it’s completely clear to you that your information will be shared with IOD. The information we get from these third parties depends on your settings and the permissions and choices you have provided, so you should regularly check what you have agreed that these third party organisations may share with us or with others.
Via social media
Depending on your settings and the relevant policies and terms of service, when using social media and messaging services like Facebook and Twitter, you might give us permission to access information about you from those accounts or services.
When we collect information when you are using our website
When your information is available from public sources
We may collect personal information about you from the public domain, such as from open social networks (e.g. LinkedIn and Twitter), company websites, political and property registers, news archives, the Charity Commission, Companies House and Bloomberg
Guessing e-mail addresses
Where we have legitimate interest and feel that an organisation would want to hear from us about supporting IOD, we may source information from third parties that will help us to contact individuals in relevant roles acting on behalf of those organisations.
To administer legacies
In the course of administering legacies gifted to IOD we may obtain the personal information of, for example, other beneficiaries to the will. We also work with third party probate specialists who provide us with this information, and sometimes obtain it from other charities who are named in the will.
Sensitive personal information
Data protection law identifies certain categories of personal information as sensitive and therefore requiring more protection. For example, information about health or ethnicity. Where appropriate we may also collect/use this information, but normally only where we have your explicit consent or data protection law allows it, such as to protect the life of an individual participating in a fundraising event. We only aim to collect this type of information when we feel it is necessary in relation to your relationship with us.
How we will use your personal information
We will use your personal information in a number of ways depending on the purposes for which it has been collected, including for the following purposes:
- To provide you with the services or any information you have requested
- To update you about any changes to our services
- To communicate with you as set out in this policy below (including administrative communications as well as communications about our work, services, fundraising and events)
- To administer payments such as donations, including Gift Aid processing
- To display your profile or content on the website (if you have agreed to do so)
- To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- To maintain our organisational records and ensure we have your most up-to-date details, including marketing preferences
- To help us improve our services, campaigns or information-offering, and improve your interactions with our website (including via cookies)
- To enable you to participate in interactive features on our website
- To enable you to participate in voluntary surveys or research
- To analyse your website behaviour
- To tailor advertising that is presented to you on the internet according to your interests, preferences and other characteristics, and to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you
- To administer your volunteering or employment application
- To assist in your voluntary or fundraising work, or to run our events
- To deal with enquiries and/or complaints made by or about you
- To audit and/or administer our accounts
- To help us work with third parties to ensure that we send you targeted communications (see “What categories of personal information do we collect?” above)
- To contact you where you have been identified as a contact person for an organisation, such as a school
- To identify relevant networks and other suitable partners for IOD.
We always want you to get the most out of our website, so if you do experience any issues with our online forms we may follow up with you to find out how our team can best support you with any problems experienced.
Communicating with you
We will communicate with you using the contact details you have provided for essential administrative purposes, such as to administer a donation or provide you with information regarding a fundraising event you have asked to take part in.
We love to keep our supporters up to date with our fundraising, marketing and campaign activity.
If you have given us your consent to do so, we will contact you for marketing purposes by email, SMS message and telephone calls. We may also send you communications by post, on the basis it is in our legitimate interests to do so, unless you ask us not to.
We currently send the following marketing materials:
(a) Updates about our work – including newsletters, magazines and other publications.
(b) Campaigns – information about our campaigning activities and their progress.
(c) Appeals and fundraising activities – including requests for donations, information about how you can leave us a gift in your will, and how you can take part in fundraising events or fundraise on our behalf, as well as the impact all of this has on our work.
(d) Events – including details of our challenge events and other sponsored activities. If you sign up to take part in an event we will also send you administrative communications about how you can take part.
(e) Shop products – including information about products offered by our online shop.
(f) Volunteering – information about how you can get involved with volunteering for IOD.
You are in control of how we use your personal information for marketing and fundraising purposes, and can update your preferences at any time. If you would like to contact us about your marketing preferences, please email us on email@example.com where we will be happy to answer any queries you may have. If you do ask us to stop sending marketing communications, please note that we will continue to send you administrative communications as needed.
If you ask us to stop sending you marketing materials, we will keep a record of your contact details and appropriate information to enable us to comply with your request not to be contacted by us.
While we do not actively collect information from children (under-18s), we appreciate that our supporters are of all ages. Where appropriate, we will always ask for consent from a parent or guardian to collect information about children. All IOD events will have clear rules on whether or not children can take part and the collection of data will be managed in accordance with each individual event, with appropriate safeguards in place.
How we keep your data safe and who has access to it
We place great importance on the security of your personal information and always take appropriate precautions to protect it. We only allow authorised personnel to have access to your information.
Payment details (such as credit or debit cards) we receive through our website are passed securely to our payment processing providers who meet the required Payment Card Industry (PCI) Security Standards. We do not store your card details, when donations are made in this way.
Despite all of our precautions no data transmission over the internet can be guaranteed to be 100% secure.
Our legal basis for processing your information
Data privacy law requires us to have one or more lawful grounds to process your personal information. The following grounds are relevant to our use of your information:
- Consent. In many cases we will seek consent to process your personal information, for example to send you marketing and fundraising emails, and text messages. Where we do rely on consent, you are entitled to withdraw it at any time.
- To protect your vital interests. For example to ensure you get urgent medical assistance if needed when competing in a fundraising event.
- Where we have a contractual relationship with you. Though the majority of our relationships are voluntary, if we enter into a contract with you (such as when you purchase something from our shop) we will process information to administer that contract.
- Legal obligations. We will sometimes pass on personal information to comply with legal obligations such as providing tax and gift aid information to HMRC.
- “Legitimate Interests”. Where it is appropriate we rely on the processing being in our legitimate interests, provided we are confident that such processing is not likely to override your own legitimate interests or rights and freedoms. For example, sending you marketing and fundraising post, provided this is done in an unobtrusive manner. IOD’s legitimate interests are ultimately in pursuit of our charitable objectives, including:
- Governance and operational management, such as statutory reporting and intergroup transfers with our trading company, and employee and volunteer administration and management
- Publicity and income generation, such as marketing and fundraising, events, and supporter analysis
- Administration, such as Gift Aid
- Financial management and control, such as processing donations
You retain ultimate control of how we use your personal information.
You can always request details and copies of the information we hold about you.
Data privacy law gives you a number of additional rights. These include:
- The right to rectification: To have personal information amended if it is inaccurate or incomplete. You can ask us to check the personal data that we hold about you if you are unsure.
- The right to erasure: In some cases, to have your personal information erased (or anonymised), including when consent is withdrawn, your information is being unlawfully processed or it is no longer necessary for us to process it.
- The right to data portability. Where we are processing your information on the basis of consent you can request it to be transferred from one service provider to another in a suitable format.
- The right to object. You can ask us to stop processing your personal information in certain circumstances, including an absolute right to ask us to stop processing for direct marketing.
- The right to restrict processing. If there is any disagreement about the accuracy or legitimate usage of your personal information, you can ask us to “hold” it but not use it further, whilst the issue is resolved.
- You also have rights in relation to “automated decision making”. IOD does not currently undertake this activity, which involves complex computerised processes which produce legal effects.
If you would like to make a complaint about how we process your personal data, please email us on firstname.lastname@example.org.
Please note that you can also register with the following services to stop receiving unsolicited marketing communications from a selected charity or charities:
- The Mail Preference Service (MPS), in relation to postal communications.
- The Telephone Preference Service (TPS), in relation to phone calls.
- The Fundraising Preference Service (FPS), in relation to email, telephone, addressed post and/or text messages. We will ensure any new FPS preferences take effect within 28 days.
This policy may change from time to time. If we make any significant changes to this policy, we will publicise these changes clearly on our website or contact you directly with more information.
Please revisit this policy each time you consider giving your personal information to IOD.